1. Field of the Invention
The invention is in the field of electronic mail (“email”), and more particularly in the field of filtering email for spam, phishing and viruses.
2. Description of the Related Art
Email has become a business-critical form of communication. As a result, protecting email systems from attack, abuse and misuse has become increasingly important.
Early attempts required directing all external email traffic to first pass through a third-party system which provided various forms of protection. However, this required changing mail server addressing, which added complexity, limited flexibility and was not always desirable.
Another prior approach was to place a protection device at the front-end of a local network to receive all external email traffic. An example of this approach is shown in FIG. 1 where a firewall device 130 is placed in front of a mail server 150. With this arrangement, firewall device 130 receives all email traffic coming to a local protected network 140 from a mail sender such as Mail Transfer Agent (“MTA”) 110 across internet 120. Firewall device 130 typically provides services such as attack prevention and email virus scanning.
In order to provide protection against email spam, also known as junk email, a separate device was typically placed between firewall 130 and mail server 150, as shown in FIG. 2, where an anti-spam appliance 145 can be seen in communication between firewall 130 and mail server 150. Anti-spam appliance 145 receives emails from firewall 130 and prevents those that are spam from reaching mail server 150. However, installing, configuring and managing yet another piece of equipment further complicates things.
As a result, in a more recent prior approach, firewall 130 was sometimes replaced by a Unified Threat Management (“UTM”) gateway device which incorporated attack prevention, email virus scanning, anti-spam functionality, etc., into a single device. However, including this much functionality in a single device increased cost and complexity and required the device to have greater processing, memory and storage capacity.
It would be desirable to reduce such cost, complexity and device capacity, while still eliminating additional equipment and still providing a high level of protection services.